Security test for .net desktop application: upload a file (shell) to check how software behaves



  • I am looking for a most common injection file (shell) to import my software to check if it is open to these kind of attacks or not. Any recommendation, web sites or blogs?

    (summary: i will upload this file to my system and it will do some changes in the system)



  • A lot of stuff covered by OWASP applies to applications as the line between desktop app and web app blurs. Things like SQL injection, command injection, object injection to name a few injection attacks. I once tested a .Net MVC app by uploading a PHP file and tried to see if the code was executed or presented as raw text when viewed.

    As far as tools you could try a free product like Metasploit but the learning curve is steep.



Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2